1 files changed, 37 insertions, 37 deletions

diff --git a/daemon/pgsql.c b/daemon/pgsql.c
index 225bc65..6ed5658 100644
--- a/daemon/pgsql.c
+++ b/daemon/pgsql.c
@@ -7,7 +7,7 @@
 
 #include <sys/time.h>
 
-/* LDAP library */
+/* Postgresql library */
 #include <libpq-fe.h>
 
 /* -------------------------------------------------------------------------------
@@ -37,7 +37,7 @@ typedef struct pgsql_context
     const char* ha1_column;   /* The database query to retrieve a ha1 */
 
     int pgsql_max;            /* Number of open connections allowed */
-    int pgsql_timeout;        /* Maximum amount of time to dedicate to an ldap query */
+    int pgsql_timeout;        /* Maximum amount of time to dedicate to a query */
 
     /* Context ----------------------------------------------------------- */
     PGconn** pool;            /* Pool of available connections */
@@ -84,11 +84,12 @@ static void escape_pgsql(const ha_request_t* rq, ha_buffer_t* buf, const char* v
 
     len = strlen(value);
 
-    /* Bit of a hack, we copy the string in twice to give enough room. */
-    if((t = (char*)ha_bufmalloc(buf, (len * 2) + 1)) != NULL)
+    t = (char*)malloc((len * 2) + 1);
+    if(t != NULL)
     {
         PQescapeString(t, value, len);
         ha_bufcpy(buf, t);
+        free(t);
     }
 }
 
@@ -192,11 +193,11 @@ static int validate_password(ha_request_t* rq, pgsql_context_t* ctx, const char*
     /* Crypt pw */
     case DB_PW_CRYPT:
 
-        ha_lock();
-            p = crypt(clearpw, dbpw);
-        ha_unlock();
+        ha_lock(NULL);
+            p = (const char*)crypt(clearpw, dbpw);
+        ha_unlock(NULL);
 
-        if(p && strcmp(clearpw, p) == 0)
+        if(p && strcmp(dbpw, p) == 0)
         {
             ha_messagex(rq, LOG_DEBUG, "found matching crypt password");
             return HA_OK;
@@ -336,11 +337,11 @@ static int check_pgsql_result(ha_request_t* rq, PGresult* res)
         ha_messagex(rq, LOG_ERR, "error communicating with pgsql server");
         return HA_FAILED;
     case PGRES_NONFATAL_ERROR:
+        ha_messagex(rq, LOG_ERR, "warning querying database: %s", PQresultErrorMessage(res));
+        return HA_OK;
+    case PGRES_FATAL_ERROR:
         ha_messagex(rq, LOG_ERR, "error querying database: %s", PQresultErrorMessage(res));
         return HA_FAILED;
-    case PGRES_FATAL_ERROR:
-        ha_messagex(rq, LOG_CRIT, "internal error in postgres library");
-        return HA_CRITERROR;
     case PGRES_COPY_OUT:
     case PGRES_COPY_IN:
     default:
@@ -375,25 +376,19 @@ static int retrieve_user_rows(ha_request_t* rq, pgsql_context_t* ctx,
     const char* query;
     int ret = HA_OK;
 
-    ASSERT(rq && ctx && user && res);
+    ASSERT(rq && ctx && user && results);
     *results = NULL;
 
     pg = get_pgsql_connection(rq, ctx);
     if(!pg)
-    {
-        ret = HA_FAILED;
-        goto finally;
-    }
+        RETURN(HA_FAILED);
 
     ASSERT(ctx->query);
 
     /* The map can have %u and %r to denote user and realm */
     query = bd_substitute(rq, user, ctx->query);
     if(!query)
-    {
-        ret = HA_CRITERROR;
-        goto finally;
-    }
+        RETURN(HA_CRITERROR);
 
     ha_messagex(rq, LOG_DEBUG, "executing query: %s", query);
     res = PQexec(pg, query);
@@ -401,27 +396,29 @@ static int retrieve_user_rows(ha_request_t* rq, pgsql_context_t* ctx,
 
     ret = check_pgsql_result(rq, res);
     if(ret != HA_OK)
-        goto finally;
+        RETURN(ret);
 
     if(PQntuples(res) == 0)
     {
         ha_messagex(rq, LOG_WARNING, "login failed. couldn't find user: %s", user);
-        ret = HA_FALSE;
-        goto finally;
+        RETURN(HA_FALSE);
     }
 
     if(PQnfields(res) <= 0)
     {
         ha_messagex(rq, LOG_ERR, "query returned 0 columns: %s", query);
-        ret = HA_FAILED;
-        goto finally;
+        RETURN(HA_FAILED);
     }
 
     *results = res;
+    res = NULL;
     ha_messagex(rq, LOG_DEBUG, "received %d result rows", PQntuples(res));
 
 finally:
 
+    if(res != NULL)
+        PQclear(res);
+
     /* According to libpg we can close/save the connection
      * before the returned results are freed, no worries there */
     if(pg != NULL)
@@ -443,7 +440,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
 
     ret = retrieve_user_rows(rq, ctx, user, &res);
     if(ret != HA_OK)
-        goto finally;
+        RETURN(ret);
 
     ASSERT(res);
 
@@ -467,12 +464,13 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
                 foundany = 1;
 
                 digest_makeha1(dg->ha1, user, rq->context->realm, PQgetvalue(res, i, pw_column));
+                ha_messagex(rq, LOG_DEBUG, "testing clear text password for digest auth");
 
                 /* Run the actual check */
                 ret = digest_complete_check(dg, rq->buf);
 
                 if(ret != HA_FALSE)
-                    goto finally;
+                    RETURN(ret);
             }
         }
 
@@ -482,7 +480,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
             {
                 ret = dec_pgsql_binary(rq, PQgetvalue(res, i, ha1_column), dg->ha1, MD5_LEN);
                 if(ret < 0)
-                    goto finally;
+                    RETURN(ret)
                 else if(ret == HA_FALSE)
                     continue;
 
@@ -492,7 +490,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t*
                 ret = digest_complete_check(dg, rq->buf);
 
                 if(ret != HA_FALSE)
-                    goto finally;
+                    RETURN(ret);
             }
         }
     }
@@ -520,7 +518,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
 
     ret = retrieve_user_rows(rq, ctx, user, &res);
     if(ret != HA_OK)
-        goto finally;
+        RETURN(ret);
 
     ASSERT(res);
 
@@ -544,7 +542,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
                 foundany = 1;
                 ret = validate_password(rq, ctx, user, password, PQgetvalue(res, i, pw_column));
                 if(ret != HA_FALSE)
-                    goto finally;
+                    RETURN(ret);
             }
         }
 
@@ -555,7 +553,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo
                 foundany = 1;
                 ret = validate_ha1(rq, ctx, user, password, PQgetvalue(res, i, ha1_column));
                 if(ret != HA_FALSE)
-                    goto finally;
+                    RETURN(ret);
             }
         }
     }
@@ -625,19 +623,21 @@ int pgsql_config(ha_context_t* context, const char* name, const char* value)
 
     if(strcmp(name, "dbpwtype") == 0)
     {
-        if(strcmp(value, "clear") == 0)
+        if(strcasecmp(value, "clear") == 0)
             ctx->pw_type = DB_PW_CLEAR;
-        else if(strcmp(value, "crypt") == 0)
+        else if(strcasecmp(value, "crypt") == 0)
             ctx->pw_type = DB_PW_CRYPT;
-        else if(strcmp(value, "md5") == 0)
+        else if(strcasecmp(value, "md5") == 0)
             ctx->pw_type = DB_PW_MD5;
-        else if(strcmp(value, "sha1") == 0)
+        else if(strcasecmp(value, "sha1") == 0)
             ctx->pw_type = DB_PW_SHA1;
         else
         {
             ha_messagex(NULL, LOG_ERR, "invalid value for '%s' (must be 'clear', 'crypt', 'md5' or 'sha1')", name);
             return HA_FAILED;
         }
+
+        return HA_OK;
     }
 
     if(strcmp(name, "dbha1column") == 0)
@@ -676,7 +676,7 @@ int pgsql_init(ha_context_t* context)
         /* Check for mandatory configuration */
         if(!ctx->database || !ctx->query)
         {
-            ha_messagex(NULL, LOG_ERR, "configuration incomplete. "
+            ha_messagex(NULL, LOG_ERR, "pgsql configuration incomplete. "
                                        "Must have DBDatabase and DBQuery.");
             return HA_FAILED;
         }